BD2020 New false positives: Quicken\Screenshare and FoxitPDF\PreviewHost

Just happened in this morning's scan:


I don't want to delete them because they are relevant to the two products. But they've been moved to quarantine and "disinfection is in progress", and I can no longer launch either product until I do something.

What am I supposed to do??

Answers

  • Flexx (mod)
    edited November 2020

    Hi Member,

    Go ahead and set an exclusion for the complete software in Bitdefender, and after that restore the files from quarantine.

    https://www.bitdefender.com/consumer/support/answer/13427/

    Can you also share the VirusTotal link after setting the exclusion and restoring the files? I suppose the detection is incorrect and needs to be removed. Kindly share with me the VirusTotal links for both files so that I can share them with the malware research team and get the detection removed if it is really not malicious.

    Regards

    Flex

    (Bitdefender beta tester 2019/ 2020)

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Thank you for your assistance. But I'm afraid I don't know where to find the items you're asking me to provide to you. Furthermore, the user interface is very much incomprehensible (to me, anyway), for things which really should be very basic and fundamental and intuitive. I have no idea how to look at reports from scans, or what's in quarantine right now, etc.

    ==> You need to tell me where to find the "virustotal link" from the earlier scan that corresponds to the two reported items. I have no idea where they might be located, assuming they're still present and available at this moment.

    I honestly don't know what BitDefender did when I responded "no action" (as opposed to "proper action" which I assumed would quarantine and then delete). That seemed to get the "your computer is infected" window off of the screen, but I now really had no idea what was happening.

    I think I rebooted and saw a message about "your anti-virus is cleaning your computer", and then "cleaning complete", or something like that. Then normal booting happened. I was of course totally baffled as to what was going on, and why this was happening if I'd selected "no action".

    Again, the BitDefender user interface is badly designed to my way of thinking. It may be a wonderful product, but I have no idea where to look to see things I want to see.

    Anyway...

    I decided to do a complete UNINSTALL and REINSTALL of FoxitPDF (this was version 9.7.4). It was unclear what BitDefender had done so far and I thought this was probably the best way to get past this. Strangely I have the same products (both Quicken and FoxitPDF) installed on other machines (along with BitDefender on them as well) and hadn't seen this problem show up on those other scans. So it seemed there was something unusual about this particular machine, so why not just reinstall the software and see if the issue disappeared.

    After uninstall of FoxitPDF, I then manually deleted whatever I found in \Program Files and \Program Files (x86). I also used REGEDIT to delete the keys present in HKCU\Software\Foxit Software and HKLM\Software\Foxit Software. Then I re-booted and reinstalled using the latest up-to-date 9.7.4 installer. Re-booted one more time, just to be sure.

    I then ran another Quick Scan (which runs every morning, and which had produced the "infection" reports this morning). And the scan no longer produced EITHER REPORT!! I have no idea why not. Unless whatever got "cleaned" previously (remember those strange messages at re-boot regarding "cleaning") somehow straightened things out, I don't know why I should no longer be getting the two infection reports.

    Presumably the reinstalled 9.7.4 FoxitPDF is exactly the same as it previously was. And I hadn't done anything with Quicken yet, so it should still look like it did earlier. Before the reboots and "cleaning", I had been unable to launch either FoxitPDF or Quicken. And yet now I can launch both of them. Yes, I have uninstalled/reinstalled FoxitPDF and it apparently now has a "clean bill of health" from BD QuickScan, but I didn't do anything yet for Quicken.

    Bottom line: at this moment both programs seem to have been restored to what appears to be normal operating status. And there are no longer any reports from BD Quick Scan. Again, I plead bafflement. Mostly, I don't know where in the BD GUI I would go to see what currently is in "quarantine", or not. And the procedure for what to do if something does get reported, well again... I would normally assume "take no action" means "automatically whitelist it". But I guess that's not what it means for BD. I need to read FAQ and other documentation more thoroughly I suppose, to really understand what I'm expected to do.

    For now, however, I would like to provide you with the virustotal link values from earlier, if you tell me where they are.

  • Flexx (mod)
    edited November 2020

    Well, virustotal.com is a website which scans a particular file with the majority of AV vendors. So I thought after restoring the files from the quarantine you could just upload those files on virustotal.com in order to see if other AV vendors also detected it. But I guess now you have reinstalled your software, and it cannot be done. Good to know that your issue has been resolved.

    Regards

    Flex

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • I see. Hadn't ever heard of this site before now.

    I went to virustotal.com and checked on the FoxitPDF file, FoxitPreviewHost.exe. No other engines had detected it. The link for that one is:


    I also checked the Quicken file, cefscreenshare.exe. Turns out one engine had detected it: VBA32. The link for this one is:


    Anyway, both programs now appear to be working again as I said before. Thanks for your assistance.
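
For readers triaging a similar detection: the following PowerShell is an added example, not part of the original thread or of Bitdefender's tooling. For each flagged file it reports the SHA-256, the Authenticode signature status and signer, and a VirusTotal lookup URL built from the hash, so the existing report can be checked and shared without uploading the file. The file paths are placeholders, since the thread does not give them.

```powershell
# Added example: triage files an AV scan flagged before excluding or restoring them.
# The paths below are placeholders (the thread does not give the install
# locations); replace them with the real paths of the restored files.
$flagged = @(
    'C:\PLACEHOLDER\FoxitPreviewHost.exe',
    'C:\PLACEHOLDER\cefscreenshare.exe'
)

function Get-FlaggedFileReport {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # File is still in quarantine or was removed by an uninstall.
            [pscustomobject]@{ Path = $p; Present = $false }
            continue
        }

        # The hash identifies the exact build that was flagged.
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash.ToLower()

        # The signature shows whether the file is an unmodified vendor binary.
        $sig = Get-AuthenticodeSignature -LiteralPath $p

        [pscustomobject]@{
            Path       = $p
            Present    = $true
            SHA256     = $hash
            SigStatus  = $sig.Status
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            VirusTotal = "https://www.virustotal.com/gui/file/$hash"
        }
    }
}

Get-FlaggedFileReport -Path $flagged | Format-List
```

A `SigStatus` of `Valid` with the product vendor named in `Signer` supports a false-positive report; `NotSigned` or `HashMismatch` is a reason to leave the file in quarantine until it has been checked further.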